How to connect to a DMZ AD Domain

Question

I am currently connected to multiple AD domain inside the firewall. 
 How do I connect to a AD domain in the DMZ? Is there a checklist or document which describes what port need to be opened and how to configure it. 
 
 Thanks

Aidar.Karabalaev · Answer

I understand the question in the following way. 
INTRANET: AD/DCs, PWM01 Admin Service Server, SQL\PM db, SSRS are here protected by FW. 
INTERNET\DMZ: IIS\PMW02 website pointing to PWM01 ADmin Service via FW port open between DMZ<=>INTRANET and specified during install of the website. There is no DMZ\PWM ADmin Service in DMZ for security reasons.

Aidar.Karabalaev · Answer

Option1) assume DMZ-Domain\DC01 exists inside the INTRANET. Point existing INTRANET\PWM01 ADmin Service to the INTRANET\DMZ-domain\DC01. And install DMZ\IIS\PMW02-website (as described in prev post). 
Option2) install separate DMZ\PWM03 ADmin Service inside DMZ independent of the PWM01 and point to DMZ\DMZ-domain\DC. 
I strongly do not recommend to put INTRANET related PWM ADmin Service inside DMZ for security reasons.